Addressing the Impact of New-Age Cybercrime Ecosystem

June 21, 2020
Muhammad Khurram Khan

Cybercrime is an offensive or illegal act that is undertaken with a criminal motive to intentionally acquire financial gains, cause physical or mental harm, and defame a victim. Such activities exploit vulnerabilities in the use of the internet and computing systems to illicitly access or attack information and services.

Recently, cyberspace has become a great treasure for illicit criminal activities due to the heavy global investments, online financial transactions, and monetary scale. Criminals in the cyberspace are ruthless and can range from well-trained individuals, organized cybercrime groups, and state-sponsored hackers, etc. Similarly, the victims of cybercrimes can be classified into three major categories e.g. individuals or common computer users, organizations, and governments.

While the massive number of cybercrimes is committed against individuals or high-profile targets, however certain type of cybercrimes could have more broader scope, which target governments and high-tech organizations for hacking, espionage, terrorism, treason, and hacktivism etc., behind the motives of financial, social, ideological, and military to political gains.

The cybercrime landscape evolves year over year as criminals innovate their offensive strategies, develop more advanced and sophisticated tools and techniques, and exploit potential security flaws and zero-day vulnerabilities in the modern systems and technologies.

Cybercrime is basically an intractable issue because offenders tend to be anonymous and could commit crimes under the jurisdictions without effective rule of law and litigation. While cybercrimes make unprecedented damages to individuals, private and public organizations, they also drive up cybersecurity spending to mitigate risks and threats. With the passage of time, cybercrimes are becoming increasingly pervasive and sophisticated and have more severe economic impact than most conventional crimes happened in the physical world.

According to Cybersecurity Ventures, “It is estimated that cybercrime damages could cost the world around USD 6 trillion by 2021, which is more profitable than the global trade of illegal drugs and higher than the GDP of many developed countries.” According to Cybersecurity Ventures, “to defend cyberspace from crimes, hacking, extortions, and intrusions, USD 1 trillion will be spent globally between 2017 and 2021.”

The cybercriminal ecosystem is continuously progressing with great sophistication and techniques, where anyone with an agenda can simply rent, lease or purchase an ‘as a Service’ business model, which is facilitating to accelerate the advancement and growth of global cybercrime industry. On top of that the custom-built, targeted malware, and threats tailored to specific individuals and organizations, are growing exponentially.

As ‘cybercrime-as-a-service’ becomes more ubiquitous and easily accessible through dark web, the encrypted part of the internet that is difficult to track, where threat actors are increasingly trying to show that they are as easy to work with as they have useful yet targeted service-driven models. Unlike other physical crimes where there is a victim, offender and the crime location, cybercrimes tend to be well-organized, multi-national, and difficult to trace back and challenging to attribute.

The situation could be more aggravated when ‘cybercrime-as-a-service’ model is leveraged by criminal organizations against nation-states and high-tech organizations to perform advanced persistent threats (APTs), distributed denial of service (DDoS) attacks, ransomware, disruption of services, and espionage operations etc. The high-tech industries are driving force for innovation and competitiveness and play an essential role in the prosperity of a country, and any disruption in their operations and services could lead to serious losses.

In the near future, cybercrimes may create unmatched damages and disruptions due to the fusion of modern technologies that is blurring the lines between the physical, digital and biological spheres and providing with connectivity to daily-life things e.g. autonomous vehicles, consumer electronic devices, homes, cities, industries and critical infrastructure etc. It is estimated that the total installed base of Internet of Things (IoT) connected devices is projected to amount to 75.44 billion worldwide by 2025. Consequently, cyber criminals could exploit the vulnerabilities of IoT software, hardware and communication systems for financial and political motives.

On the other hand, the roll-out of 5G high-speed wireless technology is ushering in an era of super-fast internet speeds and could exacerbate the rate and tenacity of cybercrimes with an exponential impact and magnitude. Furthermore, the modus operandi of cybercriminals is going to be more complex and persistent due to the use of offensive artificial intelligence (AI) and machine learning (ML) driven state-of-the-art hacking tools, which are quite hard to identify, protect, detect, respond and recover. Not only will AI/ML-fueled attacks be much more tailored and more effective, they will outpace human response and outwit contemporary defense systems and skills.

To confront these cybercriminals of new-age, cybercrime legislation should be an integral part of the national cybersecurity strategy for any country. Human are the greatest cybersecurity risk as well as the greatest asset to protect from risks, therefore, governments around the world should launch awareness campaigns and training programs to aware general public about the harms and consequences of committing cybercrimes as well as they need to develop robust online platforms to report them.

On the other hand, building up capacity and capability of law enforcement agencies and smooth prosecution process is highly important to prosecute and adjudicate cybercrime cases. Research, development and innovation support programs to d
evelop robust and efficient strategies to combat cybercrimes e.g. cutting-edge tactics like cyber deception, reverse engineering, AI/ML, and predictive analytics to protect from cyber criminals, are paramount to address the mechanics of modern cybercrime tactics.

In addition, law-enforcement agencies should have the necessary skills, knowledge, and tools to investigate cybercrime incidents. Cybercrime as a service will continue to innovate, therefore, cyber policing must also innovate to address this challenge. Besides, to deter the transnational cybercrimes and combat criminal organizations, governments need to strengthen their collaboration and alliance for the investigation and prosecution process.

Strengthening institutional frameworks with adequate people, process and technology is imperative to curb cybercrimes e.g. dark web monitoring, open source intelligence, crime against children and women and other malware attacks, etc. Partnership, engagement and collaboration of public and private sector, civil society, and academic institutions is indispensable and global tech companies could play a vital role to beef up cybersecurity and fight against cybercriminals and their networks for a resilient, safe, and peaceful cyberspace.

— Muhammad Khurram Khan is a professor of Cybersecurity at King Saud University as well as founder & CEO of Global Foundation for Cyber Studies and Research in Washington D.C. His profile can be visited at http://www.professorkhurram.com. His Twitter handle is @khurramcyber

June 21, 2020
6 days ago

Russia’s Putin: When a country falls from the sky

6 days ago

Healthcare Diplomacy: Diverse voices should tackle problems that transcend borders and politics

12 days ago

A conversation with Thomas Friedman: LIV & PGA